Subject: Google Warns of Quantum Era Security Risks: Is Your Data Safe?
Source: Android Headlines
https://www.androidheadlines.com/2026/02/google-quantum-era-cybersecurity-call-to-action.html
Google is calling for a worldwide switch to post-quantum cryptography (PQC) to keep digital infrastructure safe from quantum attacks in the future. Hackers are already using “store now, decrypt later” methods, which is why the tech giant says it’s important to switch to NIST standards and get rid of old systems.
The promise of quantum computing feels like something out of a sci-fi novel. We have heard about potentially huge breakthroughs in medicine and energy. However, its implementation in the real world still carries a hidden sting. Google recently issued a global call to action, warning that bad actors could use the quantum technology, originally designed to solve “impossible” problems, to dismantle the digital locks protecting our bank accounts, private messages, and national secrets.
Google warns: The quantum era could shatter today’s digital security – The most unsettling part of the quantum threat isn’t just about the future, but about what is happening right now. Malicious actors are currently engaging in “store now, decrypt later” attacks. They are vacuuming up vast amounts of encrypted data today, betting that a powerful quantum computer will eventually act as a “skeleton key” to unlock it in the coming years.
It’s noteworthy that these “cryptographically relevant” quantum computers don’t fully exist yet. However, the data being stolen today—like health records or trade secrets—could still be highly sensitive when they arrive.
In 2024, the National Institute of Standards and Technology (NIST) finalized the first set of post-quantum cryptography (PQC) standards. These are mathematical algorithms specifically designed to be “quantum resistant.” Google is already rolling them out across its infrastructure and products like Chrome. The Mountain View giant has been experimenting with these protections since 2016.
First, the company suggests updating the cloud infrastructure. Instead of spending billions trying to retrofit old, “hard-coded” legacy systems, organizations should move to cloud-based platforms that can update their security protocols automatically.
…
Source: Malwarebytes
https://www.malwarebytes.com/blog/news/2026/02/open-the-wrong-pdf-and-attackers-gain-remote-access-to-your-pc
Cybercriminals behind a campaign dubbed DEAD#VAX are taking phishing one step further by delivering malware inside virtual hard disks that pretend to be ordinary PDF documents. Open the wrong “invoice” or “purchase order” and you won’t see a document at all. Instead, Windows mounts a virtual drive that quietly installs AsyncRAT, a backdoor Trojan that allows attackers to remotely monitor and control your computer.
It’s a remote access tool, which means attackers gain remote hands‑on‑keyboard control, while traditional file‑based defenses see almost nothing suspicious on disk.
From a high-level view, the infection chain is long, but every step looks just legitimate enough on its own to slip past casual checks.
Victims receive phishing emails that look like routine business messages, often referencing purchase orders or invoices and sometimes impersonating real companies. The email doesn’t attach a document directly. Instead, it links to a file hosted on IPFS (InterPlanetary File System), a decentralized storage network increasingly abused in phishing campaigns because content is harder to take down and can be accessed through normal web gateways.
The linked file is named as a PDF and has the PDF icon, but is actually a virtual hard disk (VHD) file. When the user double‑clicks it, Windows mounts it as a new drive (for example, drive E:) instead of opening a document viewer. Mounting VHDs is perfectly legitimate Windows behavior, which makes this step less likely to ring alarm bells.
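A defender-side check for the mismatch described above, as an added example that is not part of the Malwarebytes article: it classifies a file by its signature bytes and flags anything whose name claims PDF while its content is a virtual disk. The file names and sample bytes are constructed for illustration, and the check also covers the newer VHDX format, which the article does not mention.

```python
import os
import tempfile

PDF_MAGIC = b"%PDF-"       # PDF header, expected near the start of the file
VHD_COOKIE = b"conectix"   # first 8 bytes of the 512-byte VHD footer
VHDX_MAGIC = b"vhdxfile"   # first 8 bytes of a VHDX file

def sniff_type(path):
    """Classify a file by its bytes, ignoring its name and icon."""
    with open(path, "rb") as f:
        head = f.read(1024)
        f.seek(max(os.path.getsize(path) - 512, 0))
        tail = f.read(512)
    if head.startswith(VHDX_MAGIC):
        return "vhdx"
    # Fixed VHDs carry the footer only at the end; dynamic VHDs also copy it to offset 0.
    if head.startswith(VHD_COOKIE) or tail.startswith(VHD_COOKIE):
        return "vhd"
    if PDF_MAGIC in head:
        return "pdf"
    return "unknown"

def claims_pdf(filename):
    return "pdf" in filename.lower().split(".")[1:]

def check(path):
    kind = sniff_type(path)
    if not claims_pdf(os.path.basename(path)):
        return "ok"
    if kind in ("vhd", "vhdx"):
        return "ALERT: disk image presented as PDF"
    return "ok" if kind == "pdf" else "WARN: name says PDF, content does not"

def demo():
    # Constructed samples only; none of these are real campaign files.
    footer = VHD_COOKIE + b"\x00" * 504
    samples = {
        "report.pdf": b"%PDF-1.7\n% constructed sample\n",
        "invoice.pdf.vhd": b"\x00" * 1024 + footer,        # fixed-VHD layout
        "order.pdf": footer + b"\x00" * 512 + footer,      # dynamic-VHD layout
        "scan.pdf.vhdx": VHDX_MAGIC + b"\x00" * 1016,
        "notes.pdf": b"plain text, constructed\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            results[name] = check(path)
    return results

if __name__ == "__main__":
    print(demo())
```

The same comparison can run in a mail gateway or download scanner, where the verdict is available before the user ever double-clicks the file.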
Source: Image Whisperer
https://www.bespacific.com/why-ai-detection-fails-on-the-fakes-that-matter-most/
“Image Whisperer AI Image Detector – beta v9.94 – Media Verification & Research tool, detects AI, by Henk van Ess. Total fakes are easy to spot. Hybrid fakes slip through. Most AI detectors work like calculators — they output a number. They need to work like detectives — really look at the evidence. Developed by Henk van Ess with Claude Code by Anthropic as coding assistant…The Verdict System – ImageWhisperer doesn’t just output a number. It weighs evidence from multiple detection systems, applies LLM judgment, and delivers a color-coded verdict with a clear explanation of why.”
Source: PDF Association
https://www.bespacific.com/a-case-study-in-pdf-forensics-the-epstein-pdfs/
PDF Association: “We report on the technical aspects of the PDF files released by the US Department of Justice in connection with the Epstein Files Transparency Act. The recent release of a tranche of files by the US Department of Justice (DoJ) under the “Epstein Files Transparency Act (H.R.4405)” has once again prompted many people to closely examine redacted and sanitized PDF documents. Our previous articles on the Manafort papers and the Mueller report, as well as a study by Adhatarao, S. and Lauradoux, C. (2021) “Exploitation and Sanitization of Hidden Data in PDF Files: Do Security Agencies Sanitize Their PDF files?,” in Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security, illustrate the importance of robust sanitization and redaction workflows when handling sensitive documents prior to release.”
Source: WTAE
https://www.wtae.com/article/nancy-guthrie-fbi-nest-camera-video-raises-privacy-questions/70306538
Tuesday’s release of video surveillance footage showing an armed, masked person at Nancy Guthrie’s doorstep on the night she was abducted has raised a host of questions about why it took so long to publicly release, how it was retrieved, and what it means for privacy.
The process involved days of searching, the FBI said, after law enforcement initially believed the footage was lost because the camera was disconnected and Guthrie didn’t have a subscription to the camera company.
The surprising emergence of the video footage has resurrected questions about digital content’s long afterlife, as billions of people increasingly entwine their lives with a mishmash of internet-connected devices, making it possible to retrieve snapshots from their past like old photos stored in an attic.
Always recording – Local and federal law enforcement didn’t respond to questions clarifying what they meant by “disconnected” or who was working on recovering the data.
However, Google’s privacy policy — a document that users often blindly agree to after purchasing a device — makes it clear that videos can be captured when a device is offline.
“That means you may not see a visual indicator when your camera is sending the video footage to our servers,” the policy states.
Data on the cloud doesn’t disappear – The policy also makes clear that footage can stay on cloud servers for varying amounts of time, but also gives users the right to view and delete video at their discretion.
Unless a Nest user subscribes to a service that allows for quick access to review footage recorded on a device, Google routinely purges the footage rather than retain it indefinitely, said Stacey Higginbotham, a policy fellow at Consumer Reports who specializes in cybersecurity issues.
Subject: Google Handed Over Journalist’s Data to ICE Without Court Order
Source: Android Headlines
https://www.androidheadlines.com/2026/02/google-ice-subpoena-journalist-private-data-privacy.html
Google reportedly complied with an administrative subpoena from ICE to hand over personal and financial data belonging to journalist Amandla Thomas-Johnson. Because the request did not require a judge’s approval, digital rights groups like the EFF are urging tech companies to resist such demands and provide users with enough notice to challenge them in court.
There is once again a heated debate about digital privacy. A recent report says Google fulfilled a data request (via administrative subpoena) from the US Immigration and Customs Enforcement (ICE) targeting Amandla Thomas-Johnson, a British student and journalist. He went to a protest on campus for a short time in 2024. What makes this case stand out is how much information was shared and how little a judge was involved.
Why Google complied with a subpoena (non-judicial) ICE data request
Unlike a traditional warrant, an administrative subpoena is issued directly by a federal agency without judicial oversight. These requests cannot force a company to hand over the actual content of emails or search histories. However, authorities may use them to unmask account owners.
In this instance, The Intercept reports that Google provided a trove of metadata. The disclosure included usernames, physical addresses, and IP addresses. Perhaps most surprisingly, it also involved financial details. This includes credit card and bank account numbers linked to the journalist’s account. This happened shortly after the revocation of the student’s visa. Google completed the request without giving Johnson a chance to answer it in court, the report says.
…
Source: Homeland Preparedness News
https://homelandprepnews.com/stories/83912-dhs-data-dragnet-under-scrutiny-as-watchdog-opens-audit/
The watchdog office for the U.S. Department of Homeland Security (DHS) launched an audit Feb. 4 into the department’s data practices, including those used by Immigration and Customs Enforcement (ICE), in response to serious concerns about potential data privacy abuses and the misuse of sensitive personal information.
The objective of the audit, entitled “DHS’ Security of Biometric Data and Personally Identifiable Information (PII),” is to determine how DHS and its components collect or obtain PII and biometric data related to immigration enforcement efforts and the extent to which that data is managed, shared, and secured in accordance with law, regulation, and department policy, according to Inspector General Joseph Cuffari.
The new audit follows pressure from U.S. Sens. Tim Kaine and Mark Warner, both Democrats representing Virginia, who last month expressed concerns that DHS is collecting sensitive personal data that can be used to circumvent civil liberty protections, including those guaranteed under the Fourth Amendment.
[…]
Source: Route Fifty
https://www.route-fifty.com/emerging-tech/2026/02/arizona-senate-panel-advances-bill-shields-police-surveillance-cameras-public-scrutiny/411349/
The proposal defines what ALPRs can be used for, something its sponsor, Sen. Kevin Payne, R-Peoria claimed in a press release announcing the bill earlier this year that “draws a clear line” and allows law enforcement to use the technology while “protecting innocent Arizonans from government overreach.”
The bill also mandates audits and mandatory training on the technology, though it leaves that up to the agencies to figure out.
But one thing Payne didn’t mention during the committee hearing is that his legislation snuffs out public scrutiny of how license plate readers are used in Arizona by exempting all ALPR data from public records.
Source: FedScoop
https://fedscoop.com/dhs-cbp-contract-biometric-facial-recognition-ai/
U.S. Customs and Border Protection plans to augment its facial recognition and biometric capabilities through a one-year base contract with Clearview AI, which will provide the agency with access to a database of more than 60 billion publicly available images.
The deal posted earlier this week is expected to kick off in September and includes the procurement of 15 software licenses for agents in its intelligence division at the National Targeting Center. The investment, CBP said, will enhance its “tactical targeting” capabilities and support “counter-network analysis.”
“One of the most significant changes in how CBP executes its responsibilities is the manner in which open-source information is leveraged to more fully inform strategic and tactical operations,” CBP said in the contract. “Through the efficient exploitation of this information, CBP can more effectively and efficiently identify, target, screen, and interdict inbound and outbound passengers who pose a threat to national security, public safety and lawful trade and travel.”
The contract is the latest in a string of adoption plans to accelerate the Department of Homeland Security’s use of third-party tools as a way to improve investigations and law enforcement operations.
“No enforcement action is taken based solely on the leads generated by this tool,” the agency said in its AI inventory. “All potential identifications undergo thorough investigation and validation to ensure accuracy and compliance with established standards.”
As DHS readies itself for yet another year of biometric and facial recognition tool expansion, lawmakers are simultaneously trying to rein in the agency’s use.
“Without oversight, this technology is dangerous in the hands of any government,” Merkley said in a press release.
…
Source: Schneier on Security
https://www.schneier.com/blog/archives/2026/02/3d-printer-surveillance.html
3D Printer Surveillance
New York is contemplating a bill that adds surveillance to 3D printers:
New York’s 2026-2027 executive budget bill (S.9005 / A.10005) includes language that should alarm every maker, educator, and small manufacturer in the state. Buried in Part C is a provision requiring all 3D printers sold or delivered in New York to include “blocking technology.” This is defined as software or firmware that scans every print file through a “firearms blueprint detection algorithm” and refuses to print anything it flags as a potential firearm or firearm component.
I get the policy goals here, but the solution […]
Subject: Supply chain breaches fuel cybercrime cycle, report says
Source: The Register
https://www.theregister.com/2026/02/12/supply_chain_attacks/
Cybercriminals are turning supply chain attacks into an industrial-scale operation, linking breaches, credential theft, and ransomware into a “self-reinforcing” ecosystem, researchers say.
In its latest trends report, Group-IB reckons individual strikes that lead to broader downstream compromises of businesses are now interconnected as cyberbaddies pursue multiple methods to breach vendors and service providers.
Supply chain hacks like the recent Shai-Hulud NPM worm, Salesloft debacle, or the OpenClaw package poisoning are fast becoming the primary goals of the criminal fraternity who try to exploit the inherited access to a victim’s customers.
“Open source package compromise feeds malware distribution and credential theft,” the research states.
…
Filed: https://www.theregister.com/security/cyber_crime/
Source: WIRED
https://www.wired.com/story/crypto-funded-human-trafficking-is-exploding/
The use of cryptocurrency in sales of human beings for prostitution and scam compounds nearly doubled in 2025, according to a conservative estimate. Many of the deals are happening in plain sight.
Cryptocurrency’s frictionless, transnational, low-regulation transactions have long promised the ability to pay anyone in the world for anything. More than ever before, that anything includes human beings: victims of human trafficking forced into scam compounds and the sex trade on an industrial scale, bought and sold in crypto deals carried out with impunity, often in full public view.
In new research published today, crypto-tracing firm Chainalysis found that crypto-funded transactions for human trafficking—largely forced laborers trapped in compounds across Southeast Asia and coerced into working as online scammers, as well as sex-trafficking prostitution rings—grew explosively in 2025. According to the firm’s analysis, based largely on tracing across blockchains the cryptocurrency those criminal operations use, researchers found that crypto transactions for human trafficking grew at least 85 percent year over year. The total amount of those transactions, Chainalysis says, is now at least in the hundreds of millions of dollars annually—though it declined to give an exact number for that sales total because it considered its measurements to be a conservative estimate that likely undercounts the true scale of the issue.
“This is the continuation of a story of industrialized exploitation,” says Chainalysis analyst Tom McLouth. “The emergence of borderless, low-fee payments has created the opportunity for human trafficking to scale faster.”
The scam compounds across Myanmar, Cambodia, and Laos that exploit forced laborers, most often lured from …
While crypto has likely fueled the growth of the sex trafficking trade, McLouth notes that the ability to track cryptocurrency across blockchains may have also exposed to scrutiny an industry that had long thrived in secret. “This is new visibility into one of the oldest crimes in existence,” McLouth says.
Source: How-to Geek
https://www.bespacific.com/these-video-doorbells-dont-rely-on-the-cloud-or-subscriptions/
Follow up to No One, Including Our Furry Friends, Will Be Safer in Ring’s Surveillance Nightmare – See Also How to Geek – “Picking a video doorbell that doesn’t rely on the cloud means you can save footage locally and not rely on pricey subscriptions. Pair it with a smart home platform like Home Assistant, and your doorbell will keep working when the internet doesn’t. Here are some ideas for video doorbells that work offline, even if they do have optional cloud subscriptions…”
